Vulnerabilities in Hangul word processing program exploited

The South Korean public sector is once again in the firing line of a sophisticated – and likely government-backed – cyberattack.

The campaign was active between November 2016 and January 2017 and relied on exploiting vulnerabilities in a Korean-language word processing program and on a spoofed document from the Korean Ministry of Unification.

"This attack is notable because it uses the proprietary format of the Hangul Word Processor, a regional word processor and popular alternative to Microsoft Office for South Korean users," Cisco Talos reports.

"Due to these elements it's likely that this campaign has been designed by a well-funded group in an attempt to gain a foothold into South Korean assets, which can be deemed extremely valuable."

Many of these techniques fit the profile of campaigns previously associated with attacks by certain government groups. South Korean systems are routinely attacked by their neighbors in the North. The US National Security Agency also has a history of gaining access to networks in South Korea, primarily to spy on the Norks.

North Korea has repeatedly been blamed for hacks and malware-based attacks on its southern neighbors, most notoriously the so-called Dark Seoul attacks of 2013 against banks and broadcasters. The Norks were also blamed by US intel agencies for the infamous Sony Pictures hack of 2014.